Transcription

3 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows Bob s public key - How is this achieved in practice? Only Bob knows the corresponding private key Goals: 1. Alice wants to send a message that only Bob can read 2. Bob wants to send a message that only Bob could have written slide 3

4 Applications of Public-Key Crypto Encryption for confidentiality Anyone can encrypt a message With symmetric crypto, must know the secret key to encrypt Only someone who knows the private key can decrypt Secret keys are only stored in one place Digital signatures for authentication Only someone who knows the private key can sign Session key establishment Exchange messages to create a secret session key Then switch to symmetric cryptography (why?) slide 4

6 Some Number Theory Facts Euler totient function (n) where n 1 is the number of integers in the [1,n] interval that are relatively prime to n Two numbers are relatively prime if their greatest common divisor (gcd) is 1 Euler s theorem: if a Z n *, then a (n) 1 mod n Special case: Fermat s Little Theorem if p is prime and gcd(a,p)=1, then a p-1 1 mod p slide 6

9 Why Is RSA Secure? RSA problem: given c, n=pq, and e such that gcd(e,(p-1)(q-1))=1, find m such that m e =c mod n In other words, recover m from ciphertext c and public key (n,e) by taking e th root of c modulo n There is no known efficient algorithm for doing this Factoring problem: given positive integer n, find primes p 1,, p k such that n=p 1 e1p 2 e2 p k ek If factoring is easy, then RSA problem is easy, but may be possible to break RSA without factoring n slide 9

10 Textbook RSA Is Bad Encryption Deterministic Attacker can guess plaintext, compute ciphertext, and compare for equality If messages are from a small set (for example, yes/no), can build a table of corresponding ciphertexts Can tamper with encrypted messages Take an encrypted auction bid c and submit c(101/100) e mod n instead Does not provide semantic security (security against chosen-plaintext attacks) slide 10

18 Security of DSA Can t create a valid signature without private key Can t change or tamper with signed message If the same message is signed twice, signatures are different Each signature is based in part on random secret k Secret k must be different for each signature! If k is leaked or if two messages re-use the same k, attacker can recover secret key x and forge any signature from then on slide 18

19 PS3 Epic Fail Sony uses ECDSA algorithm to sign authorized software for Playstation 3 Basically, DSA based on elliptic curves with the same random value in every signature Trivial to extract master signing key and sign any homebrew software perfect jailbreak for PS3 Announced by George Geohot Hotz and Fail0verflow team in Dec 2010 Q: Why didn t Sony just revoke the key? slide 19

21 Why Is Diffie-Hellman Secure? Discrete Logarithm (DL) problem: given g x mod p, it s hard to extract x There is no known efficient algorithm for doing this This is not enough for Diffie-Hellman to be secure! Computational Diffie-Hellman (CDH) problem: given g x and g y, it s hard to compute g xy mod p unless you know x or y, in which case it s easy Decisional Diffie-Hellman (DDH) problem: given g x and g y, it s hard to tell the difference between g xy mod p and g r mod p where r is random slide 21

22 Properties of Diffie-Hellman Assuming DDH problem is hard, Diffie-Hellman protocol is a secure key establishment protocol against passive attackers Eavesdropper can t tell the difference between the established key and a random value Can use the new key for symmetric cryptography Basic Diffie-Hellman protocol does not provide authentication IPsec combines Diffie-Hellman with signatures, anti-dos cookies, etc. slide 22

23 Advantages of Public-Key Crypto Confidentiality without shared secrets Very useful in open environments Can use this for key establishment, avoiding the chicken-or-egg problem With symmetric crypto, two parties must share a secret before they can exchange secret messages Authentication without shared secrets Encryption keys are public, but must be sure that Alice s public key is really her public key This is a hard problem Often solved using public-key certificates slide 23

Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

Introduction to Cryptography Part 2: public-key cryptography Jean-Sébastien Coron January 2007 Public-key cryptography Invented by Diffie and Hellman in 1976. Revolutionized the field. Each user now has

Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and

Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic

The : Keeping Eve The Eavesdropper Away From Your Credit Card Information Department of Mathematics North Dakota State University 16 September 2010 Science Cafe Introduction Disclaimer: is not an internet

Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.

Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication

The RSA Algorithm: A Mathematical History of the Ubiquitous Cryptological Algorithm Maria D. Kelly December 7, 2009 Abstract The RSA algorithm, developed in 1977 by Rivest, Shamir, and Adlemen, is an algorithm

Today ENCRYPTION The last class described a number of problems in ensuring your security and privacy when using a computer on-line. This lecture discusses one of the main technological solutions. The use

1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks

Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)

Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver

Announcements CS43: Discrete Structures More on Cryptography and Mathematical Induction Işıl Dillig Class canceled next Thursday I am out of town Homework 4 due Oct instead of next Thursday (Oct 18) Işıl

Introduction to Cryptography, Part II Mariana Raykova 1 Alice and Bob Alice wants to communicate securely with Bob (Cryptographers frequently speak of Alice and Bob instead of A and B... What key should

The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered

Digital Signatures Meka N.L.Sneha Indiana State University nmeka@sycamores.indstate.edu October 2015 1 Introduction Digital Signatures are the most trusted way to get documents signed online. A digital

Digital Signature and Public Key Cryptosystem in a Prime Order Subgroup of Z n Colin Boyd Information Security Research Centre, School of Data Communications Queensland University of Technology, Brisbane

Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master

Advanced Analogue and Digital Encryption Methods Presented by: Dr. S. Sarpal Background Term given to a mathematical algorithm OR a set of known sequences. Mixed with message to hide the meaning of content.

9 Modular Exponentiation and Cryptography 9.1 Modular Exponentiation Modular arithmetic is used in cryptography. In particular, modular exponentiation is the cornerstone of what is called the RSA system.